Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | oplist: Plug another memory leak occurring on parse error | Nikias Bassen | 2023-01-11 | 2 | -0/+2 | |
| | | | | Credit to OSS-Fuzz | |||||
* | oplist: Plug some more memory leaks occurring when parsing fails | Nikias Bassen | 2023-01-11 | 1 | -4/+5 | |
| | ||||||
* | fuzz: Add OpenStep crash/leak testcases found by OSS-Fuzz | Nikias Bassen | 2023-01-09 | 3 | -0/+8 | |
| | ||||||
* | oplist: Add more bound checks to prevent OOB reads | Nikias Bassen | 2023-01-09 | 1 | -2/+32 | |
| | ||||||
* | oplist: Fix OOB read by checking bounds properly | Nikias Bassen | 2023-01-09 | 1 | -1/+6 | |
| | | | | Credit to OSS-Fuzz | |||||
* | oplist: Fix use-after-free by setting free'd pointer to NULL | Nikias Bassen | 2023-01-09 | 1 | -0/+1 | |
| | | | | Credit to OSS-Fuzz | |||||
* | oplist: Plug memory leaks occurring when parsing fails | Nikias Bassen | 2023-01-09 | 1 | -0/+7 | |
| | ||||||
* | Updated README | Nikias Bassen | 2023-01-08 | 1 | -7/+14 | |
| | ||||||
* | fuzz: Add OpenStep plist fuzzer | Nikias Bassen | 2023-01-08 | 6 | -3/+108 | |
| | ||||||
* | fuzz: Fix comment in jplist_fuzzer saying XML | Nikias Bassen | 2023-01-08 | 1 | -2/+2 | |
| | ||||||
* | Add support for OpenStep plist format | Nikias Bassen | 2023-01-08 | 18 | -45/+1322 | |
| | ||||||
* | fuzz: Add some more JSON test case from OSS-Fuzz | Nikias Bassen | 2023-01-08 | 3 | -0/+66 | |
| | ||||||
* | JSON: Only allow to convert PLIST_DICT or PLIST_ARRAY node to JSON | Nikias Bassen | 2023-01-08 | 1 | -0/+8 | |
| | ||||||
* | [github-actions] Add CIFuzz integration | David Korczynski | 2022-11-20 | 1 | -0/+26 | |
| | | | | Signed-off-by: David Korczynski <david@adalogics.com> | |||||
* | [github-actions] CodeQL: No need for scheduled run since it runs on every push | Nikias Bassen | 2022-11-02 | 1 | -2/+0 | |
| | ||||||
* | jplist: Prevent multiplication overflow by casting to larger type | Nikias Bassen | 2022-11-02 | 1 | -2/+2 | |
| | | | | Found by CodeQL | |||||
* | cython: Fix 2 warnings with `-Wbad-function-cast` | Nikias Bassen | 2022-09-05 | 1 | -2/+4 | |
| | ||||||
* | jplist: Fix warning with `-Wbad-function-cast` | Nikias Bassen | 2022-09-05 | 1 | -2/+2 | |
| | ||||||
* | Fix up warning with `-Wbad-function-cast` | Dave MacLachlan | 2022-09-05 | 1 | -1/+4 | |
| | ||||||
* | Get rid of casting a ptr to a 32 bit value | Dave MacLachlan | 2022-09-05 | 1 | -2/+2 | |
| | | | | This causes a warning if `-Wbad-function-cast` is enabled on a build. | |||||
* | [github-actions] Update CodeQL to v2 | Nikias Bassen | 2022-09-05 | 1 | -3/+3 | |
| | ||||||
* | Allow using libplist as a submodule | Nikias Bassen | 2022-09-05 | 1 | -1/+1 | |
| | ||||||
* | bplist: Fix strict aliasing violations | Matthew Smith | 2022-08-24 | 1 | -3/+9 | |
| | | | | | | | | Casting a float pointer to an int pointer is a strict aliasing violation (-Wstrict-aliasing) and is undefined behaviour (although, it did not seem to cause any real issues). An optimising compiler should elide the memcopies added by this commit. | |||||
* | [github-actions] Add a scheduled build every 1st of the month so we always have an artifact | Nikias Bassen | 2022-08-24 | 1 | -1/+4 | |
| | ||||||
* | jplist: Escape characters [0x00..0x1F] when converting to JSON | Nikias Bassen | 2022-04-06 | 1 | -5/+12 | |
| | ||||||
* | Skip whitespace to properly detect format in plist_from_memory() | Nikias Bassen | 2022-04-06 | 1 | -3/+8 | |
| | ||||||
* | jplist: Fix another OOB read by using correct bounds check | Nikias Bassen | 2022-02-15 | 1 | -1/+1 | |
| | | | | Credit to OSS-Fuzz | |||||
* | [github-actions] Use windows-2019 instead of windows-latest for now | Nikias Bassen | 2022-02-14 | 1 | -1/+1 | |
| | | | | Build is failing because of some python mess | |||||
* | jplist: Fix OOB read by using correct bounds check | Nikias Bassen | 2022-02-11 | 1 | -1/+1 | |
| | | | | Credit to OSS-Fuzz | |||||
* | [github-actions] Windows: Prevent -dirty suffix in version string by disabling CRLF conversion | Nikias Bassen | 2022-02-10 | 2 | -0/+2 | |
| | ||||||
* | jplist: Prevent read of uninitialized value by checking the bounds beforehand | Nikias Bassen | 2022-02-08 | 1 | -2/+2 | |
| | | | | Credit to OSS-Fuzz | |||||
* | cython: Fix Windows build | Nikias Bassen | 2022-02-07 | 1 | -0/+4 | |
| | ||||||
* | docs: Fix parameter and type names for doxygen | Nikias Bassen | 2022-02-07 | 1 | -8/+11 | |
| | ||||||
* | cython: Fix for LibTool compilation and Python 3 libintl | Rick Mark | 2022-02-07 | 1 | -1/+1 | |
| | | | | | | | | | | On Python 3.9 `libpython` no longer is linkable as a static library due to the fact that `libpython` now depends on `libintl`. This would mean we would have to import `libintl` to create a fully linked .la. It is better to be explicit that we are building a .so (really a .dylib but autotools uses linux file conventions) that doesn't have to be fully resolved. | |||||
* | test: Polish json3.test to not leave temp file after test | Nikias Bassen | 2022-02-07 | 1 | -3/+5 | |
| | ||||||
* | Update .gitignore | Nikias Bassen | 2022-02-07 | 1 | -0/+3 | |
| | ||||||
* | test: Add int64 min/max testcase for JSON parser | Nikias Bassen | 2022-02-07 | 3 | -2/+24 | |
| | ||||||
* | xplist: Prevent undefined behavior by not trying to negate INT64_MIN | Nikias Bassen | 2022-02-07 | 1 | -1/+1 | |
| | ||||||
* | jplist: Prevent integer overflow when parsing numerical values | Nikias Bassen | 2022-02-07 | 1 | -6/+29 | |
| | | | | Credit to OSS-Fuzz | |||||
* | configure: Generate usable version via git-version-gen when ran in shallow clone | Nikias Bassen | 2022-02-05 | 1 | -1/+5 | |
| | ||||||
* | jplist: Fix OOB read by making sure number of children is even | Nikias Bassen | 2022-02-03 | 2 | -2/+7 | |
| | | | | Credit to OSS-Fuzz | |||||
* | configure: Prevent wrong version string generation (e.g. when doing a shallow checkout from git) | Nikias Bassen | 2022-02-02 | 1 | -1/+1 | |
| | ||||||
* | jplist: Fix memory leak on parse error | Nikias Bassen | 2022-02-02 | 2 | -0/+3 | |
| | | | | Credit to OSS-Fuzz | |||||
* | jplist: Improve numerical value parsing without copying data to stack buffer | Nikias Bassen | 2022-02-02 | 1 | -18/+62 | |
| | | | | | | | Instead of calling strtoll() and atof(), the code now parses the numerical values directly to handle cases of non-0-terminated string data. The floating point value parsing is probably not ideal, but sufficient for our purposes. | |||||
* | jplist: Fix memory leak that occurs when JSON parsing fails | Nikias Bassen | 2022-01-31 | 2 | -0/+2 | |
| | | | | Credit to OSS-Fuzz | |||||
* | plistutil: Make sure the input buffer is 0-terminated in all code paths | Nikias Bassen | 2022-01-31 | 1 | -0/+1 | |
| | ||||||
* | test: Update JSON test case to have negative numbers | Nikias Bassen | 2022-01-31 | 1 | -1/+1 | |
| | ||||||
* | jplist: Fix OOB read in parse_primitive caused by missing 0-termination | Nikias Bassen | 2022-01-31 | 1 | -2/+8 | |
| | | | | | | | | | | | In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access. This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead. Credit to OSS-Fuzz | |||||
* | fuzz: Add another JSON test case from OSS-Fuzz | Nikias Bassen | 2022-01-31 | 1 | -0/+1 | |
| | ||||||
* | jplist: Fix OOB read by making sure the JSMN token index is in valid range | Nikias Bassen | 2022-01-31 | 1 | -31/+48 | |
| | | | | Credit to OSS-Fuzz |